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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 20 March 2008 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1,2,4-8 and 15-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1.2.4-8.15-20.22 and 23 is/are rejected. 

7) ^ Claim(s) 21_ is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Applicant's election without traverse of Group I (Claims 1 , 2, 4-8 and 1 5-21 ) in the reply filed on March 
20, 2008 is acknowledged. 

Claims 3, 9-14 are canceled. Claims 22 and 23 are added. Thus, the pending claims are 1, 2, 4-8 and 
15-23 are pending. 

Response to Arguments 

Applicant's arguments filed on November 26, 2007 have been considered but are moot in view of the 
new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set 
forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 
102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the 
subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill 
in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claims 1, 2, 4-8, 15-19, 22 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Rayes et al. US 7,234,163 B1 (hereinafter Rayes) in view of Iyer et al. US 2005/0254474 A1 (hereinafter Iyer). 

As per claims 1,15 and 22, Rayes teaches a method for detecting ARP spoofing including: 
receiving a data packet at an ARP collector, wherein the data packet is generated by a first device on 
the network, and wherein the data packet includes information from an ARP reply received at the first device 
from a second device on the network, the information including a MAC address of the second device and an IP 
address given as a source IP address of the second device in the ARP reply [column 7, lines 35-45]; 
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analyzing at least one association in a database accessible to the ARP collector to determine whether 
ARP spoofing occurs, and wherein the at least one association includes a MAC address that is identical to the 
MAC address included in the data packet [column 7, line 63 - column 9, line 4]. 

Rayes is silent on the system, wherein the analyzing is based on a time associated with the at least one 
association. However, Iyer teaches detecting spoofing including analyzing at least one association, wherein 
analyzing is based on a time associated with the at least one association [paragraph 0093]. It would have been 
obvious to one having ordinary skill in the art at the time of applicant's invention to employ the teachings of Iyer 
within the system of Rayes in order to enhance the security of the system. 

As per claims 4, 5 and 16, Rayes further teaches the method wherein the information stored in the 
database includes a MAC address of a device which generated an ARP reply, and an IP address given as a 
source IP address in the ARP reply and a time at which the ARP reply was received on the port, and an 
identification of the port on which the ARP reply was received [figure 1, units 160 &170 and column 7, lines 13- 
21]. 

As per claims 6 and 1 8, Rayes further teaches the method wherein when it is determined that there is a 
spoofed ARP reply, blocking the port on which the spoofed ARP reply was received [column 9, lines 20-42]. 

As per claims 7 and 19, Rayes further teaches the method wherein when it is determined that there is a 
spoofed ARP reply, filtering a MAC address which generated the spoofed ARP reply at a port at which the 
spoofed ARP reply was received [column 9, lines 20-43]. 

As per claim 8 and 17, Rayes further teaches the method further comprising: 
transmitting the data packet to the ARP collector and generating an alert when an ARP spoofing condition 
occurs [column 9, lines 6-19]. 
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As per claim 23, Rayes further teaches the system wherein said network device is a Layer 2 switch 
[figure 1]. 

Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rayes et al. US 7,234,163 B1 
(hereinafter Rayes) in view of Iyer et al. US 2005/0254474 A1 and further in view of Gunter et al. US 6,751,728 
B1 (hereinafter Gunter). 

As per claim 2, Rayes teaches a method of detecting ARP spoofing as indicated above. Rayes is silent 
on generating the data packet which includes encrypting the data packet. However, encrypting data packets is 
old and well known in the art which has the advantage of enhancing security of a system. For example, Gunter 
teaches transmitting packets, including encrypting the transmitted packets [see at least abstract]. It would have 
been obvious to one having ordinary skill in the art at the time of applicant's invention to employ the teachings 
of Gunter within the system of Rayes-lyer in order to enhance security of the system. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the 
rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by another filed in the 
United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, except that an international application 
filed under the treaty defined in section 351 (a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the United States and was published under 
Article 21(2) of such treaty in the English language. 

Claim 20 is rejected under 35 U.S.C. 102(e) as being anticipated by Doyle US 7,134,012. 
As per claim 20, Doyle teaches a method for detecting ARP spoofing in a computer network, the 
method comprising: 
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receiving a data packet at an ARP collector, wherein the data packet is generated by a first device on 
the network, and wherein the data packet includes information from an ARP reply received at the first device 
from a second device on the network, the information including a MAC address of the second device and an IP 
address given as a source IP address of the 
second device in the ARP reply [column 9, lines 7-15]; and 

analyzing at least two associations in a database accessible to the ARP collector to 
determine whether ARP spoofing occurs, wherein each of the at least two associations include a MAC address 
that is identical to the MAC address included in the data packet [column 9, lines 16-29]. 

Allowable Subject Matter 

Claim 21 is objected to as being dependent upon a rejected base claim, but would be allowable if 
rewritten in independent form including all of the limitations of the base claim and any intervening claims. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. 
Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension 
of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the 
mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this 
final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In 
no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final 
action. 
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Any inquiry concerning this communication or earlier communications from the examiner should be 
directed to BEEMNET W. DADA whose telephone number is (571 )272-3847. The examiner can normally be 
reached on Monday - Friday (9:00 am - 5:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kim Y. Vu 
can be reached on (571 ) 272-3859. The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866- 
217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 
the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Beemnet W Dada/ 

May 23, 2008 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



